Platform
wordpress
Component
social-profilr-display-social-network-profile
Fixed in
1.0.1
CVE-2025-49343 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Social Profilr WordPress plugin (slug social-profilr-display-social-network-profile). At least one state-changing action in the plugin does not verify that the request was intentionally issued by the user, so an attacker who lures a logged-in user to an attacker-controlled page can have that user's browser submit the action with the user's session cookie attached. Because the submitted value is stored by the plugin and later rendered, the advisory reports that the flaw can be chained into Stored XSS. Versions 0.0.0 through 1.0 are affected; version 1.0.1 contains the fix, and sites should upgrade to 1.0.1 or later.
The direct effect of the CSRF flaw is an unauthorized change to plugin-managed data, performed with whatever privileges the victim holds. The attack needs a victim who is already authenticated to WordPress and who visits a page the attacker controls (the CVSS rating reflects this: user interaction is required), so administrators and editors are the targets worth an attacker's effort. The Stored XSS component is what raises the impact: once the attacker-controlled value is stored and rendered without adequate escaping, the script runs in the browser of every user who views the affected pages, not only the user who was tricked. Script executing in an administrator's session can create new privileged accounts, change site settings, or steal data, which is how this class of bug ends in account takeover, data theft and defacement. The blast radius is every site running an affected version of Social Profilr, with administrator accounts being the highest-value entry point.
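The chain described above, as an added example that is not code from the Social Profilr plugin: a hypothetical settings handler in the vulnerable shape (no nonce, no capability check, raw output) beside the hardened shape. Names prefixed sp_demo_ are invented for the illustration; the WordPress API calls (check_admin_referer, wp_nonce_field, current_user_can, esc_url_raw, esc_url, esc_attr) are real.

```php
<?php
// Added illustration, not the plugin's own code. sp_demo_* names are hypothetical.

/* ---- Vulnerable pattern (shown for contrast; deliberately not registered) ---- */

// Trusts any POST that reaches admin_init. The browser attaches the victim's
// session cookie automatically, so a form auto-submitted from an attacker's page
// is processed exactly like one submitted from the real settings screen.
function sp_demo_save_settings_vulnerable() {
    if ( isset( $_POST['sp_demo_twitter_url'] ) ) {
        update_option( 'sp_demo_twitter_url', $_POST['sp_demo_twitter_url'] ); // unsanitized
    }
}

// The stored value is concatenated raw into markup, so a value such as
// "javascript:..." or one that closes the attribute becomes stored XSS for every
// visitor of a page that uses the shortcode.
function sp_demo_render_vulnerable() {
    return '<a href="' . get_option( 'sp_demo_twitter_url' ) . '">Twitter</a>';
}

/* ---- Hardened pattern ------------------------------------------------------ */

add_action( 'admin_post_sp_demo_save', 'sp_demo_save_settings_hardened' );
function sp_demo_save_settings_hardened() {
    // 1. Authorization: only users allowed to manage options get past this line.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // 2. CSRF: the nonce is bound to this action, this user and a time window. A
    //    cross-site page cannot read it, so a forged POST dies here with a 403.
    check_admin_referer( 'sp_demo_save', 'sp_demo_nonce' );
    // 3. Sanitize on input: esc_url_raw() keeps only allowed schemes (no javascript:).
    $url = isset( $_POST['sp_demo_twitter_url'] )
        ? esc_url_raw( wp_unslash( $_POST['sp_demo_twitter_url'] ) )
        : '';
    update_option( 'sp_demo_twitter_url', $url );
    wp_safe_redirect( admin_url( 'options-general.php?page=sp_demo&updated=1' ) );
    exit;
}

// Settings form: the nonce field pairs with check_admin_referer() above.
function sp_demo_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="sp_demo_save">
        <?php wp_nonce_field( 'sp_demo_save', 'sp_demo_nonce' ); ?>
        <input type="url" name="sp_demo_twitter_url"
               value="<?php echo esc_attr( get_option( 'sp_demo_twitter_url', '' ) ); ?>">
        <button type="submit">Save</button>
    </form>
    <?php
}

// 4. Escape on output as well, so values stored before the fix are neutralized too.
add_shortcode( 'sp_demo_profile', 'sp_demo_render_hardened' );
function sp_demo_render_hardened() {
    $url = get_option( 'sp_demo_twitter_url', '' );
    return '' === $url ? '' : '<a href="' . esc_url( $url ) . '">Twitter</a>';
}
```

The nonce check is the CSRF fix; the capability check stops low-privilege users from reaching the handler at all; input sanitization and output escaping together are what prevent the stored value from becoming XSS, including values written before the handler was fixed.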
The vulnerability was publicly disclosed on 2025-12-31. There is currently no indication of active exploitation. The CVSS score of 7.1 (HIGH) rates severity, not likelihood: the EPSS estimate of 0.02% (5th percentile) puts the current probability of exploitation low. Treat that as a snapshot, since CSRF chained to stored XSS in a WordPress plugin is simple to weaponize once details or a proof of concept are public, and monitor security advisories and vulnerability databases for updates.
Exploit Status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS Vector
The fix is to upgrade Social Profilr to version 1.0.1 or later. Confirm the installed version from the Plugins screen or, with WP-CLI, wp plugin get social-profilr-display-social-network-profile --field=version, then upgrade (wp plugin update social-profilr-display-social-network-profile) and verify that profile updates and social network integrations still work. If you cannot upgrade promptly, deactivate the plugin until you can: the plugin's own input handling is not something a site owner can harden from outside. A Web Application Firewall can reduce exposure in the meantime by rejecting state-changing requests to wp-admin whose Origin or Referer host is not the site's own host; this occasionally blocks legitimate non-browser clients and does not replace per-action nonces. Strong password policies and multi-factor authentication do not mitigate CSRF, because the forged request rides on a session that is already authenticated; they remain good practice for other reasons. Removing unused plugins and keeping the remaining ones current reduces the overall attack surface.
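What the WAF-style stop-gap above actually checks, as an added example that is not Social Profilr code: a hypothetical must-use plugin (dropped into wp-content/mu-plugins/) that refuses state-changing admin requests whose Origin, or failing that Referer, names a different host. The sp_guard_ names are invented; the WordPress calls (add_action, site_url, wp_parse_url, wp_die) are real. Its deliberate gap is also its caveat: a request carrying neither header is allowed through so non-browser clients keep working, which is exactly the case only per-action nonces cover.

```php
<?php
/**
 * Plugin Name: Demo Cross-Site Admin Request Guard
 * Description: Added example (not Social Profilr code). Stop-gap while an unpatched
 *              plugin stays active; not a substitute for nonces on each action.
 */

/**
 * Classify one request. Kept free of globals so the rule can be read in isolation.
 *
 * @param string $method    HTTP method.
 * @param array  $headers   Lower-case keys 'origin' and 'referer'; missing means ''.
 * @param string $site_host Host part of site_url().
 * @return bool  true if the request should be refused as cross-site.
 */
function sp_guard_is_cross_site( $method, array $headers, $site_host ) {
    // Safe methods are expected not to change state; a plugin that mutates on GET
    // is a separate bug this rule cannot cover.
    if ( ! in_array( strtoupper( $method ), array( 'POST', 'PUT', 'PATCH', 'DELETE' ), true ) ) {
        return false;
    }
    $origin  = isset( $headers['origin'] ) ? (string) $headers['origin'] : '';
    $referer = isset( $headers['referer'] ) ? (string) $headers['referer'] : '';

    if ( '' !== $origin ) {
        $source = $origin;   // Browsers always send Origin on a cross-site POST.
    } elseif ( '' !== $referer ) {
        $source = $referer;  // Fallback; referrer policies may strip it.
    } else {
        return false;        // No evidence either way: this is the gap nonces close.
    }
    // "Origin: null" (sandboxed iframe, some redirects) yields no host and is refused.
    $host = wp_parse_url( $source, PHP_URL_HOST );
    return strtolower( (string) $host ) !== strtolower( (string) $site_host );
}

// admin_init fires for wp-admin pages, admin-ajax.php and admin-post.php, where
// plugin settings handlers usually run. Priority 0 runs before those handlers.
add_action( 'admin_init', 'sp_guard_enforce', 0 );
function sp_guard_enforce() {
    $headers = array(
        'origin'  => isset( $_SERVER['HTTP_ORIGIN'] ) ? $_SERVER['HTTP_ORIGIN'] : '',
        'referer' => isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '',
    );
    $method    = isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : 'GET';
    $site_host = wp_parse_url( site_url(), PHP_URL_HOST );

    if ( sp_guard_is_cross_site( $method, $headers, $site_host ) ) {
        // Log enough to triage the attempt, then refuse it. error_log() writes to
        // the PHP error log configured for the site.
        error_log( sprintf(
            'sp_guard: refused %s %s (origin=%s referer=%s)',
            $method,
            isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
            $headers['origin'],
            $headers['referer']
        ) );
        wp_die( 'Cross-site request refused.', 403 );
    }
}
```

If the admin area is served from a host other than site_url() (some multisite or domain-mapped setups), compare against that host instead, or the guard will block your own administrators. Remove the guard once the plugin is upgraded to 1.0.1; the nonce in the fixed plugin is the real control.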
The patch is in version 1.0.1. Review the vulnerability's details and, if you cannot upgrade promptly, weigh deactivating or replacing the plugin against your organization's risk tolerance.
CVE-2025-49343 is a Cross-Site Request Forgery (CSRF) vulnerability in the Social Profilr WordPress plugin, allowing attackers to perform actions as authenticated users and potentially execute Stored XSS.
You are affected if your WordPress site runs the Social Profilr plugin at version 0.0.0 through 1.0. Upgrade to 1.0.1 or later.
Upgrade the Social Profilr plugin to version 1.0.1 or later. Until you can, deactivate the plugin or, as a weaker stop-gap, block cross-origin state-changing requests to wp-admin at the WAF.
There is currently no confirmed active exploitation of CVE-2025-49343 (EPSS 0.02%). The HIGH CVSS score describes the impact if it is exploited, not the likelihood that it will be.
Refer to the Social Profilr plugin's official website or WordPress plugin repository for updates and advisories regarding CVE-2025-49343.